Multipart Upload API and Permissions

An individual must have the necessary permissions to use the multipart upload
operations. You can use ACLs, the bucket policy, or the user policy to grant individuals
permissions to perform these operations. The following table lists the required
permissions for various multipart upload operations when using ACLs, bucket policy,
or the user policy.

Action

Required Permissions

Initiate Multipart Upload

You must be allowed to perform the s3:PutObject
action on an object to initiate multipart upload.

The bucket owner can allow other principals to perform the
s3:PutObject action.

Initiator

Container element that identifies who initiated the multipart upload. If the initiator
is an AWS account, this element provides the same information as the Owner element.
If the initiator is an IAM User, this element provides the user ARN and display
name.

Upload Part

You must be allowed to perform the
s3:PutObject action on an object to upload a part.

Only the initiator of a multipart upload can upload parts. The bucket
owner must allow the initiator to perform the
s3:PutObject action on an object in order for the
initiator to upload a part for that object.

Upload Part (Copy)

You must be allowed to perform the
s3:PutObject action on an object to upload a part.
Because you are uploading a part from an existing object, you must be allowed
s3:GetObject on the source object.

Only the initiator of a multipart upload can upload parts. The bucket
owner must allow the initiator to perform the
s3:PutObject action on an object in order for the
initiator to upload a part for that object.

Complete Multipart Upload

You must be allowed to perform the
s3:PutObject action on an object to complete a
multipart upload.

Only the initiator of a multipart upload can complete that multipart
upload. The bucket owner must allow the initiator to perform the
s3:PutObject action on an object in order for the
initiator to complete a multipart upload for that object.

Abort Multipart Upload

You must be allowed to perform the
s3:AbortMultipartUpload action to abort a multipart
upload.

By default, the bucket owner and the initiator of the multipart upload
are allowed to perform this action. If the initiator is an IAM user, that
user's AWS account is also allowed to abort that multipart upload.

In addition to these defaults, the bucket owner can allow other
principals to perform the s3:AbortMultipartUpload action
on an object. The bucket owner can deny any principal the ability to perform the
s3:AbortMultipartUpload action.

List Parts

You must be allowed to perform the
s3:ListMultipartUploadParts action to list parts in a
multipart upload.

By default, the bucket owner has permission to list parts for any
multipart upload to the bucket. The initiator of the multipart upload has the
permission to list parts of the specific multipart upload. If the multipart
upload initiator is an IAM user, the AWS account controlling that IAM user
also has permission to list parts of that upload.

In addition to these defaults, the bucket owner can allow other
principals to perform the s3:ListMultipartUploadParts
action on an object. The bucket owner can also deny any principal the ability to
perform the s3:ListMultipartUploadParts
action.

List Multipart Uploads

You must be allowed to perform the
s3:ListBucketMultipartUploads action on a bucket to
list multipart uploads in progress to that bucket.

In addition to the default, the bucket owner can allow other principals
to perform the s3:ListBucketMultipartUploads action on
the bucket.
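
The table distinguishes actions granted on an object from the one granted on a bucket; a grant written against the wrong resource level never takes effect. The following check for that mistake is an added example, not AWS code: the function names, the bucket name example-bucket, the account ID and the sample policy are constructed for illustration.

```python
# Added example: flag Allow statements whose Resource is at the wrong level for a
# multipart action. Not handled: wildcard actions, NotAction, NotResource, variables.
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:AbortMultipartUpload",
                  "s3:ListMultipartUploadParts"}
BUCKET_ACTIONS = {"s3:ListBucketMultipartUploads"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _levels(arn):
    """Return (may_match_bucket, may_match_object) for an S3 resource ARN."""
    tail = arn.split(":::", 1)[-1]          # "bucket", "bucket/key*", or "*"
    may_match_object = any(c in tail for c in "/*?")
    may_match_bucket = "/" not in tail
    return may_match_bucket, may_match_object

def misscoped_grants(policy):
    """List (Sid, action) pairs that an Allow statement cannot actually grant."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        levels = [_levels(r) for r in _as_list(stmt.get("Resource", []))]
        has_bucket = any(b for b, _ in levels)
        has_object = any(o for _, o in levels)
        for action in _as_list(stmt.get("Action", [])):
            if action in OBJECT_ACTIONS and not has_object:
                findings.append((stmt.get("Sid"), action))
            if action in BUCKET_ACTIONS and not has_bucket:
                findings.append((stmt.get("Sid"), action))
    return findings

# Constructed sample policy (bucket name and account ID are placeholders).
UPLOADER = {"AWS": "arn:aws:iam::111122223333:user/uploader"}
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "UploaderObjects", "Effect": "Allow", "Principal": UPLOADER,
         "Action": ["s3:PutObject", "s3:AbortMultipartUpload",
                    "s3:ListMultipartUploadParts"],
         "Resource": "arn:aws:s3:::example-bucket/uploads/*"},
        {"Sid": "ListInProgress", "Effect": "Allow", "Principal": UPLOADER,
         "Action": "s3:ListBucketMultipartUploads",
         "Resource": "arn:aws:s3:::example-bucket/*"},  # wrong level: needs the bucket ARN
    ],
}

if __name__ == "__main__":
    print(misscoped_grants(SAMPLE_POLICY))
```

Changing the second statement's Resource to arn:aws:s3:::example-bucket clears the finding.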